System and Methods for Accelerated Recognition and Processing of Personal Privilege Operative for Controlling Large Closed Group Environments

ABSTRACT

Methods (3500-3695) and apparatus (10, 20) for controlling physical (30, 40) and virtual (12) access for accelerated recognition and processing of privileges, benefits, value transfers, crowd control, community membership and status, in particular for institutions, arenas and other large venues.

FIELD OF INVENTION

The present invention relates to secured access to real and virtual venues, and, in particular, to systems and methods for monitoring and controlling personal access in dynamically changing large closed groups.

BACKGROUND OF THE INVENTION

It is well known that crowd control is necessary in many common venues, such as sports events, rock concerts, hotels, universities, and others. It would also be desirable to handle crowd control in ways that are amenable to integrating ancillary services and products that are user-friendly, and beneficial to both the system operator and to the user.

The backbone of this inventive system is the integration of a multiplicity of modern methods and apparatus around an accelerated people-behavior control concept, which could typically allow a concurrently available single smart card chip, off-line, to authenticate a vital up-to-date estimation of a single member of a group of over two million members, or a stadium control box to know even more relevant information about one or more individuals from a plurality of membership groups, e.g., all of the fans of all of the leagues in the United Kingdom. Using this proprietary tested method, sports arenas and concert halls, universities and hotels can offer services and products in a more amenable fashion, at lower cost, with any level of security commensurate to the state of the art, the resources available to the users and owners, and, unfortunately, the vast capabilities and resources of adversaries.

Hotel operators typically control hotel guests' access to hotel rooms with mechanical locks and metal keys, and mechanically differentiated, magnetically coded, or chip-card tokens. Stadium operators serve dynamically active crowds, consisting of enthusiastic fans of local and often adversarial teams; several classes of season subscribers; corporate and other fans with various entitlements; “aways” (mostly fans from the opposing team); buy-back “ticket” purchasers (from season subscribers who get remuneration for matches they cannot attend, where the seat may be sold to an entitled fan or a chance purchaser); and, of vital importance, stadium and sport club employees. As opposed to relatively acquiescent hotel guests or university students, sports fans are often an unruly crowd, with adversarial interests, demanding intense service in a short time interval.

Hotel keepers are typically abandoning conventional door locks with keys, as they suffer from expensive lock maintenance, often demanding key replacement, lock adjustment or lock replacement, typically caused by the “forgetful” guest who fails to return his keys upon leaving the hotel. Typically, conventional door locks are being replaced by a variety of coded plastic devices. Popular entitlement devices are magnetic stripe cards, magnetically coded and semiconductor-embedded chip keys resembling conventional keys, and mechanically coded (typically with strategically placed holes) tokens.

Typically, the electronic lock acceptors are self-contained, off-line operative and battery powered; occasionally the devices are wired: either networked to the guest check-in counter for on-line operation, or wired only to avoid problems related to batteries and the difficulties of timely replacement.

In all instances, elaborate means are necessary to ensure that at a given time interval, the door lock will recognize the token to be bona fide, and, if possible, with an approved length of stay. In addition, means must be provided to ensure that authorized hotel employees can gain entrance to the hotel room, to provide routine and emergency services, e.g., cleaning or forced entrance to care for a disabled guest. In many installations, such hotel service personnel would have electronic or mechanical master keys. Synchronizing the system, so that a door will recognize a synchronously encoded key to allow legitimate entrance at a given time, is typically the problem that faces designers of such systems. Typically, a new synchronized key or keys must be presented to the hotel door when a guest's key is inoperative. Such service typically overrides normal security procedures. The principle involved in such conventional mechanical lock and electronically controlled door lock settings is that a door must be synchronized with specific parameters in advance to recognize the unique features of the token or key. Electronic keys typically possess time-variant features, and the systems typically employ vulnerable schemes for synchronization, whereas any mechanical time-variance entails manual mechanical adjustment or replacement.

Manually synchronized mechanical locks are described in Sedley, U.S. Pat. No. 4,312,198. Sedley's lock consisted of a non-magnetic key studded with small magnets, operative to repel magnetic studs in the lock mechanism. The placement of the studs in the lock could be changed manually by a tool operative to alter the small-magnet “combination”. Saliga, in U.S. Pat. No. 5,397,884, suggests a time-variant code system, where the hotel check-in desk would algorithmically insert a series of time-linked codes relating to the projected stay of the guest in the hotel. The door lock's microprocessor, with a real-time clock, would then ascertain if a link code in the key's memory matches a current access code. U.S. Pat. No. 5,939,694 describes a check-in station for hotels, operative to issue time-linked access control devices for VingCard AS, Norway's diverse access control product line of magnetic striped plastic cards, smart cards, and other plastic security devices. U.S. Pat. No. 5,321,395 describes a wireless electronic smart card type access control system, wherein, via a tuned circuit, a wireless contactless device is activated to emulate a time-variant keycode of entrance.

The methods of this invention are operative to safely prove the identity of a valid entity in a system, to supply information to a cryptographically operated reader with relatively small memory size, able to allow off-line entry to an applicant for entrance dependent on the recent or immediate status of the applicant, as to the point of entry, the expected time interval of entry, and in some instances to revert in due time to an on-line mode, as would be necessary in a crowd control environment, or at time-and-attendance entrance points for university or hotel employees.

Older Fortress GB Ltd. systems, some of which were deployed several years ago, handle up to 50,000 dynamically changing system clients, and presently deployed systems are able to accommodate up to 250,000 system clients in a dispersed environment with a plurality of entry points. Fortress GB Ltd's competitors have not been able to control access to such large clienteles. The new systems will easily accommodate up to 1,000,000 potential users of such a system, where each of the 1,000,000 applicants for entry is recognizable at any one of the plurality of off-line points of entry. With new low-cost, orders-of-magnitude larger non-volatile memory, future entry controllers will easily accommodate, off-line, hundreds of millions of users' tokens and tens of millions of reader devices, embedded in a plurality of conventional and futuristic devices.

These systems have been and are being deployed with a multiplicity of security levels, methods and devices. Typically, the connections between the readers, servers, issuing computers and door and gate controllers have been protected with public key and symmetric cryptographic means, e.g., RSA, DES, 3DES and Wolfram methods. Multi-application and multi-vendor applications have typically been implemented on public key protected smart cards and SIM chips. Users have had the benefit of multi-application public key protected smart cards and a plurality of emulated public key applications, using contactless Inside and Mifare devices.

In applicant's Provisional U.S. application No. 60/565,393, methods and apparatus for communicating with contactless smart cards are described, wherein the antenna in the terminal device, e.g., mobile phones and USB secured mass memory devices (Intellifiers) depicted in FIGS. 14 and 15, is integrated into the keypad of said terminal devices. In this patent we suggest that the antenna may also be included in the front plastic case or plastic clam-shell cover of a terminal, to reduce power consumption, especially important for very near field NMR (nuclear magnetic resonance) used in unique substance detection, e.g., the materials manufactured by Micro Tag Temed Ltd., wherein such materials and means of detection are revealed in U.S. Pat. No. 5,986,550. In this document, we refer to the applied proprietary material as magnetic icons, or by the applicant's trademark, Magicon. In the drawings we have depicted a Magicon residing in the same near field with semiconductor elements containing memory elements that may be adversely affected by the strong NMR fields. In such instances it may be necessary either to apply higher concentrations of proprietary detectable magnetically resonating substances, or, alternately, to assure that the semiconductor memory element is designed to be sufficiently immune to the electromagnetic field necessary for validating the existence of the proprietary substance.

The idea of wireless communication with microchip memories via a variety of devices is described in applicant's Provisional U.S. application No. 60/565,393. In that application the device antenna is on the keypad or the front cover of the terminal device. The idea of communicating with posters via mobile devices also appears in “Kowalski's Big Bet on Contactless”, in Card Technology of May 2004, page 31.

In this invention, we have set out bases for business plans and technological combinations for negotiating product purchases, for mobile phone betting at the arena or purchasing tickets to a rock concert, etc., where the incentive is a poster with an embedded equivalent of a large memory smart card. Typically, embedded in the microchip is a proprietary material, typically one of Micro Tag's unique proprietary NMR resonating materials, recognizable by the contactless magnetic scanner via the smart card contactless antenna, typically giving assurance of the origin of the token substrate. The mobile phone downloads the event program, a betting card, or a mobile phone negotiation application from a poster. During or prior to the event, the user can place bets, learn the results of his wagers and receive last-minute updates of other sporting events where wagers may still be recorded. At a symphony concert, the user will know that his phone will not ring, except at intermission, and he will have, on the mobile screen, a review of the program, the instrumentalists, the sponsors, possibly with advertisements. At an opera, an additional benefit would be an on-line libretto, in the vernacular or the original, sponsored by an advertiser, or paid for by the user.

SUMMARY OF THE INVENTION

The following terms are used in the specification and drawings and are hereby clarified commensurate to usage in the specifications and drawings:

-   Acceptable token: a token operative to prove to a token terminal that a token holder has received authorization commensurate with the acceptance criteria of said terminal device to allow access privileges.
-   Access: the controlled privilege of physical and/or virtual entrance into a venue.
-   Active member of community: a token-owning user recognized by the system operator to be in good standing and belonging to an operator-authorized community.
-   Antenna: a configuration of electrical conductors embedded in terminals and tokens, to enable wireless communication between the terminals and tokens, and also, in preferred embodiments, for transmitting terminal-generated electromagnetic signals for excitation of magnetic resonance, and for detecting resonance frequencies of NMR-detectable substances, typically as disclosed in applicant's provisional U.S. Patent Application 60/565,393.
-   Applicant: a user who has presented a token to a terminal, thereby typically implicitly requesting privileged access, e.g., applying with a mobile phone Intellifier to a betting terminal to negotiate a bet; applying a contactless smart card to an Intellifier.
-   Application: a procedure or set of procedures that enable users to benefit from computerized systems; e.g., a betting application typically includes procedures to inform users of current odds; procedures to transfer value from a user's account to the betting system account; and procedures to transfer value from a betting system account to a user's account.
-   Arena: a dynamically changing closed environment to which audiences, spectators or members of a community have restricted rights of entry, e.g., stadiums, concert halls, ballrooms, etc.
-   Attached (wireless tokens in posters according to embodiments of the present invention): affixed onto any surface, imprinted thereon, or embedded in a material or substrate thereof. Typically, secured passive or active wireless electronic devices attached to posters relate to secured passive or active, typically wireless, electronic devices which are attached to posters, non-limiting examples of which are paper or plastic. Such devices typically include an antenna, a microcontroller, and non-volatile memory.
-   Attend: to gain access or to become a spectator, participant, observer, or user in a controlled participation event, e.g., a soccer game, a rock concert, a conference, a forum.
-   Attribute: a property or characteristic of a user or token, non-limiting examples of which include: a privilege, an entitlement, a status, and other single-valued operator-certified qualities used as criteria for controlled access. More specific attributes include, but are not limited to: season subscriber, expected attendee, VIP, club steward, credit rating, credit allowance, gender, age group, veteran status, marital status, etc.
-   Authenticate: to establish the relevant status of a token and the token holder. Authentication processes include cryptographic (symmetric and asymmetric) certification and proof of validity processes; processes that prove origin of an authorized priority; and processes that include, but are not limited to, proving that the token holder is the entitled owner of the token, e.g., biometric identification or knowledge of confidential information, typically known only to the authenticator and the token owner.
-   Authenticator: any means or individual authorized or entitled to authenticate entities; e.g., users, tokens, proprietary substances, etc.
-   Authorization: the qualification of status and priorities of system users. Authorization is typically manifested in issuing tokens identifying users and user status, in a manner in which system devices, e.g., terminals, university and hotel door locks, point of sale, betting computers and other devices, can provably authenticate.
-   Authorizations for controlled access: entitlements granted by an entity and/or device authorized by the system operator and verifiable by system-authorized terminals and token readers.
-   Barcodes: a commonly used optically identifiable coding system consisting of varied-width numerically identifiable black bars. In preferred embodiments of this invention, barcodes are invisibly masked by a coating of invisible ink, identifiable only when radiated by a resonating frequency, numerically encoded and cryptographically identifiable by the system. In more secure preferred embodiments, the barcode is printed with magnetic ink on a black non-magnetic substrate, and covered with a secret invisible ink. In such embodiments, only a barcode reader is operative to read the coding; a normal copying machine, such as a typical Xerox device, is incapable of copying the printed magnetic ink barcode on the black substrate; the magnetic ink reader could not read a non-magnetic ink; and a suitable invisible ink detector detects the absence of the invisible ink covering.
-   Barrier: a physical obstruction, typically computer controlled, e.g., turnstiles, gates, locks, etc., operative to control physical access of persons.
-   Biometric identifier: a quantifiable, measurable, and computer- and human-recognizable physical attribute, useful for enhancing user identification and proof of a one-to-one relation to ID tokens for applications defined herein. Examples of such uniquely definable attributes include, but are not limited to: facial images, fingerprint images, finger geometry measurements, unique data that a user knows, magnetic resonance images of body parts, etc. Templates for comparing such attributes are preferably stored and evaluated in tokens and/or in secured devices, typically from secured data bases.
-   Blocked List: a file listing wherein specific token-identifying bits signify that a numbered token is permanently denied (revoked) or temporarily denied (rescinded) the entitlement relevant to the listing. Typically, the blocked listing includes a time-stamp.
-   Buy-Back: the profitable scheme for “recycling” a season subscription user's privilege to attend an event. The operator refunds a portion of the price of the subscription and is able to resell the privilege to another patron. The subscriber typically chooses to arrange the buy-back with the operator, else he entrusts a third party with her/his valuable token. This prevents the typically illicit practice of hoarding and scalping. The process is typically accelerated and simplified by the Fortress GB Ltd. proprietary listing system, and is an integral part of the process demonstrated in FIG. 5. In a preferred embodiment, typically, the issuing station complements the subscriber's bit in the “expected binary list of attendee tokens”, before cut-off-time, subsequently enabling the ticketing station to process a second privilege. In preferred embodiments, typically the purchaser is a member of the community who has reserved preferential rights to purchase such privilege. In preferred embodiments, the operator's ticketing office is entitled to deliver tokens issued by the issuing station and to issue tokens authorized by the issuing station, typically for simple one-time authorized ticket tokens.
-   Clock, Real-Time Clock: a device operative to measure and reveal the date and time of day, in the conventional sense. Typically, a clock is battery backed and reasonably accurate, and is typically used to aid in defining time frames for token holders' priorities; e.g., a steward's free entrance priority typically is for specific events several hours previous to the event; a hotel maid's token's priority is typically for a given day, to a given section of rooms, for a defined time frame; a token holder who purchased an entrance privilege to an event after terminals' activity lists were updated, i.e., after cutoff time. After cutoff time, purchased tokens have certified, authenticatable time-stamps recorded in the token, allowing terminal devices to grant access subsequent to proof of entrance privilege, thereby allowing access despite the absence of the token holder's proof of privilege on the terminal's activity listing. Typically, file listings include time-stamps.
-   Closed Circuit Television (CCTV) system enhancement: any of various options typically synchronized to a user's entering a controlled area. Typical CCTV enhancements display user images on control box monitors, to record, analyze, and compare such images to users' images in the typically confidential operator's data bases, and to transmit images to an arena control room to aid in controlling illicit applicants, unruly users and/or groups of users.
-   Cluster: a group of conceptually allied entities, typically interconnected or capable of being controlled by a central controller; e.g., the group of gates regulated by a control box; the troop of stewards monitoring crowd movements; the betting computers in the arena; the dispersed personal computers with Intellifiers.
-   Community: a dynamically changing group of users and/or users' tokens with interests typically common to the system operator. Non-limiting examples include: the communities of students, patrons, performers, and employees of universities, symphony orchestras, football clubs, hotels or universities. Also, a dynamically changing group of tokens which also includes tokens that an operator intends to issue.
-   Complement, binary: the act of changing the binary value of a bit; i.e., a previously-set “1” (one bit value) is changed to a “0” (zero bit value), and a previously-set “0” (zero bit value) is changed to a “1” (one bit value). A bit is complemented only if the previous value of the bit does not signify the present authenticator-determined value; e.g., if a passed-back token is presented to the token reader, typically, entitlement to enter has been rescinded, and the entitlement bit has been revoked. In such an instance, passage will be denied, and the binary entitlement bit will not be complemented. Typically, the steward will be alerted, and the event will be recorded in a history file, to be statistically analyzed.
-   Control Box, Control Box Sub-systems: a gate-controlling module consisting of one or more computer devices with activity listings to enable token terminals and readers to ascertain entrance priorities, to supply statistics to venue network servers and to control operation of turnstiles and other barriers, to operate light indicators, and, in higher security embodiments, to execute a combination of other functions, e.g., to operate data or image monitors, to control and record images of spectators who have passed the barriers, to ascertain origin of token, etc.
-   Cut-off-time, Cut-off-time stamp: a predetermined instant when listings for specified peripherals are finalized, which is certified or “stamped”, typically by a cryptographic process. Consequently, any grant of rights and/or privileges issued after such an instant typically requires the operator terminal's validation of the token's entitlement. Typically, in order to grant entitlement, such a process proves to the terminal that the token's memory contains a secret, or a provable trace of a secret, which is difficult for an attacker to contrive, thereby proving the operator's authorization.
-   Data Base: a collection of one or more typically confidential data files containing data relevant to users' status, priorities, financial accounts, paid-up subscriptions, expected participation at events, records of unruly behavior, etc.
-   Door Lock, Door Lock Controller: a typically off-line passage controller device operative to authenticate token devices' assigned rights of entry, in a given time interval, with mechanisms to enable the token holder to open the door upon removal of the authenticated token. Typically, the internal computerized door lock mechanism records the history of entries and the time of day and the date of entry.
-   Door Master: a Fortress GB Ltd. trademark for a typically PDA-driven interface between a computing center and a typically isolated device. A Door Master is particularly operative to initialize and update off-line devices, especially door locks. Typically, the PDA downloads updated activity listings and operating software to update such activity listings in said off-line devices. In preferred embodiments, software typically complements one bit of a list to designate revocation of a token right, typically indicating that a specified token which previously had rights to unlock a specific door lock is henceforth banned. In a university environment, only a single door lock typically need be changed when either the token is revoked because of loss of the token or in case of revocation of a student's access rights. The door lock mechanism first ascertains that the token is an active token in the university, and subsequently ascertains if the token holder is provably authorized to unlock the door. In an alternate preferred embodiment, a newly issued door lock token may “disenfranchise” previously entitled tokens.
-   Gate: a passage controlling unit typically including combinations of turnstiles or other barriers, token authenticating terminals, and light indicators, clustered in sections and controlled by a control box.
-   Gate Master: a Fortress GB Ltd. trademark for an interface between a computing device, typically a PDA, and a token-accepting terminal in a cluster of gates which is typically temporarily or permanently not networked to a central computer, capable of downloading updated activity listings and operating software, and of updating activity listings.
-   Event: an expected happening that occurs during an approximated time frame, in which token holders aspire to participate; e.g., wrestling matches, football games, concerts, movies, unlocking of doors.
-   ID: required identification of a user, relative to the context of the application or section thereof; e.g., at a stadium turnstile, the user or user's token may be required only to prove, at least, temporary membership in a community, the right to enter the stadium at a defined section, and proof of having fulfilled requirements for attendance at an event. Within the stadium the user may typically be requested to prove ownership of the token and/or rights to be seated in a predefined location.
-   ID Token: a device used for identification of the token holder and the token holder's privileges; used interchangeably herein with “tokens”, contact smart cards, contactless smart cards, and other wireless proximity devices, and/or printed ticket type devices with any combination or use of single protective security means, such as masked magnetic ink and, as in preferred embodiments of this invention, invisible masked barcodes and proprietary Magicons; biometric identification with a smart card confidentially controlled identifying template; etc.
-   Initialization, Token Initialization: typically a process or a series of processes, operative to prepare a token with confidential attributes, prior to the personalization process, which is typically enacted at a proprietary Fortress GB Ltd. issuing station.
-   Invisible Ink: a variety of transparent, very thin film masking inks, which display light visible to a machine or human when irradiated by a resonating frequency, operative in preferred embodiments of this invention to mask barcode icons.
-   Intellifier: a Fortress GB Ltd. trademark for a generic class of multi-factor security computer peripherals, as disclosed in applicant's U.S. Provisional Patent Application No. 60/565,393. Such devices typically communicate with tokens, to securely record and transmit data and to enable negotiations. Typical Intellifiers are configured in USB computer peripherals and in secured mobile phones.
-   Issuing station: a system, device, or combination thereof for printing; microchip programming and certifying; magnetic stripe encoding; embossing; encoding and decoding; operative to enhance tokens with unique attributes and secret or certified information, and/or to enable a secured automatic process of entry, or access to a device, venue or service.
-   Kiosk: an on-line device for serving users with necessary information, and, in the university environment, to cause value change; e.g., to convert cash to credit for purchase of goods, services, etc.
-   Light Indicator: a generic term typically used in sports stadiums for visual display devices, similar or identical to conventional traffic lights, for clearly indicating to a steward the conditions of entrance or refusal of entry of an applicant; e.g., one color typically indicates that a token is fully paid for and usable by any applicant; another color may indicate use of a child's token, wherein the steward will typically ascertain that the token was not used by an adult; flashing lights typically indicate a potential serious violation, e.g., the token was used at the wrong turnstile, or the token was already used at the event (passed back), etc., typically demanding immediate attention of the steward.
-   Lists, Activity List, Binary List, Byte List, Revoked Membership List: an easily-accessed file wherein each addressable memory bit or word (typically a byte) defines the status of one token/token holder relevant to a listing. In a compact university door lock, each bit in the file relates to a specific index number of a token in circulation, or potentially to be issued by the university. A revocation bit is typically complemented, e.g., changed from zero to one, in those instances where a token was issued rights to unlock said door lock and where such rights have been revoked. In the arena environment, each token is typically represented by a byte, typically describing status and expectation of participation of the token holder in the concurrent event. Typically, such file listings include a time-stamp.
-   Magicon, or magnetic resonating icon: a Fortress GB Ltd. trademark, referring to an applied concentration of a suitably-detectable amount of proprietary NMR material onto a token in any detectable form, e.g., implanted in the substrate, mixed into printing ink and applied as a spot, a logo, or an index number.
-   Mobile Telephone: any conventional mobile telephone, in the preferred embodiments with additional antennas typically operable to communicate with contactless tokens, as disclosed in applicant's U.S. Provisional Patent Application No. 60/565,393, and/or to authenticate traces of proprietary, typically magnetically resonant, substances.
-   Near Field, Near Field Communication, NFC: refers to the ISO 14443 specification for close contact token communications; see “Kowalski's Big Bet on Contactless”, Card Technology, May 2004. NFC, as opposed to Far Field Communication, uses a low amplitude radiated electromagnetic field to energize, activate, and communicate with a passive contactless device. In this patent, near field radiation is also used to activate and detect magnetic resonance in a proprietary substance.
-   Negotiate: to conduct a process or employ a protocol to prove entitlement, to assure transfer of value, or to prove identity. Negotiation is used by system tokens and devices.
-   Network: the fixed line and wireless networking necessary for systematic regulation; e.g., statistical monitoring, and control of access to devices and closed areas.
-   NMR, Nuclear Magnetic Resonance: in the context of this patent, a technology based on attributes of traces of proprietary substances which, when activated, emit signals, typically unique frequency combinations, which enable authentication or detection of fraud. Reference is made herein to near-field NMR detection without a strong static magnetic field, e.g., only affected by the minuscule natural magnetic field, which enables reasonable readings of a compass. Innovatively, in this patent, such detection is enabled using the same, or a similar, antenna as normally used in contactless smart card readers.
-   Numerical Address (of an attribute of a token ID): a number which uniquely identifies a specific attribute in a list. Typically, the numerical address is constructed via a concatenation of: a token ID's numerical value; the numerical location of the bit or bits indicating the attribute; and an optional number for making the numerical address unique, if necessary. In a typical binary listing, the least significant hexadecimal digit of the attribute's numerical address (typically in the range of 0 to 7) signifies the specific bit in the byte address. In a non-limiting example, a token ID number is “12E45”, with the requested attribute in list number 2, so that the numerical address is “x..x212E4”, where the attribute bit is the sixth rightmost bit in a byte. Here, “x..x” signifies arbitrary digits.
-   Numerical Value (of a token ID): the identifier of a token ID taken as a number, for associating the token ID with attribute values in an activity list, such as a list of acceptable token IDs. The associated attributes are located via numerical addresses related to the numerical value of the token ID. In a word type activity list, typically the word length is 8 bits (one byte), as 8 attributes are typically sufficient for applications. In typical word applications, each bit signifies a single attribute of a specific token-holder via that token-holder's token ID. In some embodiments, two bits define related attributes; in a non-limiting example, one read-only bit signifies that a token-holder is an expected attendee, and a second read/write bit signifies whether the token has or has not been used at a particular event.
-   Off-line: indicates that a function or data file in a device (e.g., a revoke list or operating program), a peripheral device (e.g., a betting terminal), or a group of devices (e.g., a gate cluster) is permanently or temporarily not connected to or affected by the central server or other devices in the network, fixed line or wireless, and that such a device typically is operational when not connected to such networks. Such off-line devices are typically timely loaded with activity lists; e.g., in some preferred embodiments, a “white list” is a file of mostly zeroes, where the occasional one signifies “a token and its owner are in good standing”; in other preferred embodiments a zero in a “black list” signifies that the operator has rescinded a specific entitlement to a token holder.
-   On-Line: the communicative state of a device of being connected to the operator's fixed or wireless network at a specific time. Typically, after cut-off time, a gate controller box “goes” on-line only when polled by a server to supply crowd-relevant statistics, e.g., the number of users who have entered the stadium via the gate cluster, the priority and/or status of said users, or instantaneously to notify the crowd control room of potential or concurrent danger, crowd unruliness or violence.
-   Operator: an entity responsible for granting and denying users defined privileges, priorities and status, typically in defined venues, and typically by authorizing and disbursing tokens to users in a secured manner and maintaining control over networked crowd control devices and other arena functions. Explicit examples of system operators in this document are arena operators, typically football club administration entities, and university administrators, authorized to qualify users and quantify users' privileges.
-   Override, Override access listing: to perform an operator authorization granted after cut-off-time stamped listings have been compiled and issued. Typically, tokens have secured means to prove authenticity of a granted privilege, e.g., asymmetric or symmetric cryptographic methods for mass authentication.
-   Participant: a user with typically limited access to a controlled event; e.g., a participant in a conference typically is limited to points of access, and limited in allowed time intervals.
-   Passage Controller: see barriers, door lock controllers, turnstiles and gates.
-   PDAs (Personal Digital Assistant or Personal Data Assistant): handheld personal computers, typically with wireless communication attributes. In this invention, PDAs, used by stewards, are typically enabled to communicate with the server either via an on-line wireless network or with manually inserted flash memory devices. Typically, they include modules to read tokens, e.g., barcodes, contactless smartcards, or conventional contact smartcards. The stewards typically use PDAs to aid users to know and find seating arrangements. In those instances wherein arena control boxes, door locks, information kiosks, points of sale, or betting stalls are permanently or temporarily isolated (off-line), priority lists are typically downloaded into such PDAs and subsequently downloaded to such isolated devices with appropriate interfaces, e.g., Gate Masters, Door Masters, etc. Typically, off-line devices have battery backed real time clocks, which are typically reconciled to exact time of day and date with said interfaces.
-   Person: see user, token holder, etc.
-   Performer: a user in the community, with access to restricted areas, e.g., the locker rooms and soccer field pitch.
-   Personalization, Token Personalization: the process of preparing a token with uniqueness and confidentiality, linking the token to the authorized token-holder. Typically, personalization of a token follows a manufacturer's initialization of a device, enabling personalization. Typically, Fortress GB Ltd. issuing stations are operative to personalize contact and contactless configured smart cards.
-   Poster: a conventional sign or conventional poster with an attached wireless token, typically of types used in contactless smart cards with large non-volatile memories, operative to communicate with wireless handheld communicators, terminals and token readers, e.g., mobile telephones of types described in this document, to enable such users' communicating devices to negotiate with said wireless poster tokens, and to download from said poster tokens relevant data and applications.
-   Predetermined number of bits (per word): the size specified for a word, in bits. Typically this is the number of bits assigned to each token ID in a listing. In an embodiment of the present invention, compact listings are utilized wherein each token-holder's attributes are stored in one word. In the non-limiting case of byte lists, the predetermined number of bits in the word is eight.
-   Predetermined bit value: a value for a bit selected to be either a “0” or a “1”. Bit values typically represent a binary attribute, e.g., in a non-limiting example, a predetermined bit value of “0” indicates that a token-holder is an expected attendee at an event. Accordingly, a “1” correspondingly indicates that the token-holder is not an expected attendee at the event. In this example, when the token-holder enters the restricted area, the control-box will typically complement the “0” bit to a “1” bit. Thus, if the token is illicitly “passed back” to a conspirator, who would then attempt to use the token for a second illicit “passed back” entrance into the restricted area, the control box would recognize the conspirator as an unexpected attendee, and typically flash an alert signal to the steward.
-   Priority and privilege: equivalent terms referring to the operator authority's time-variant certified authorization of user status and privilege in a system, relevant to authorized activities in the system.
-   Priority List: a list of token IDs associated with specified attributes, e.g., suspect list, black list, invalidated list, entitlement list, active list, active member list, expected guest list, and so forth. A priority list references index numbers of closed group tokens. Indexing each token as a single addressable bit, or single byte, enables accelerated confirmation of an attribute for a particular token ID, and typically minimizes the need for large memory resources in off-line devices. A priority list is prepared from a central database; typically, the accuracy is limited to an interval prior to the time-stamped instant. A listing in a payment terminal, a betting or point of sale terminal, or a door lock in a university typically contains a revoked access listing relevant to lost or stolen tokens, disqualified users, or tokens suspected as counterfeit. See Lists.
-   Property: an attribute or quality inherent in a user or a device. Non-limiting examples include: a device which is public key protected, a door-lock which is off-line, a terminal which is on-line and battery backed, etc.
-   Range of Times: time intervals (time of day and date) recognized by terminal devices as privileged authorized times of access by terminals and locks with real time semiconductor clock devices, typically battery backed.
-   Rescinding (of a token): a temporary denial of rights. In a binary listing such a change is effected by complementing an un-rescinded bit or an un-revoked bit; i.e., in a binary notation, there is no difference between un-rescinded or un-revoked, or, conversely, rescinded or revoked. Permanent or temporary denial decisions, relevant to specific attributes, are typically authorized by proxies of the operator.
-   Revocation (of a token): typically a permanent denial of privilege or attribute. In a non-limiting example, when a token is lost or stolen, or if the token-holder has been deprived of rights and privileges, the token is revoked in the list of the community of tokens. See Rescinding.
-   Revocation List: a listing of the community defining which tokens have been denied entitlement. In a bit listing, a revoked or rescinded token bit is signified by a bit complemented from the un-revoked state. In a non-limiting example, if a zero signifies an un-revoked status, then a one signifies a revoked status.
-   Scalper: an individual who buys quantities of entitlements to an event with the intent of reselling at an inflated price. In embodiments of the present invention where subscription tokens (which typically contain many entitlements) replace physical subscription tickets, “scalping” is nearly impossible, as there would have to be a trust between the token owner, the scalper and the scalper's customer, to assure that the token is returned to the token owner after the event. In embodiments of the present invention, the operator pays the subscription holder an un-inflated price for his/her typically reduced price entitlement. The operator then typically complements the token holder seller's entitlement or revocation attribute bit in at least one activity list. When the operator resells the entitlement to a second, previously unentitled token holder, the operator either complements the previously un-entitled token holder's entitlement bit or revocation attribute.
-   Section of gate entrances: one or more clusters of gates typically corresponding to a closed section of reserved seats, groups of seats, or other arena amenities. Spectators are typically allowed access via predefined sections of gates.
-   Server, Computer Network Server: a (conceptually) central computing system that regulates a site network, herein described in arena and university environments to serve as a gateway to the Internet, mobile and fixed line telephone network, and optionally to contain supporting databases.
-   Smart Card: a conventional paper or plastic configuration of substantially the same size as a conventional plastic credit card, with a semiconductor memory, with or without CPU or crypto-controllers; see “Token”.
-   Smart tokens, buttons, tags, tickets, etc.: see “Token”.
-   Statistics, Crowd: statistics on attendees collected by gate cluster control boxes and analyzed in system servers, that supply vital crowd movement data, to aid in on-time initiation of events, to supply information to police, fire departments, and system administrators relative to crowd safety, and to security controllers who must pinpoint suspect attendees, e.g., attendees with records or suspected of unruly behavior.
-   Statistics, History file: concurrent and previously-collected data relating to negotiations, purchases, granted access, etc., which are accumulated in a terminal device. In a non-limiting example, in a networked arena system, a central computing device polls disbursed terminals to collect crowd flow statistics.
-   Status: a condition or attribute of a user, a token, or a device in the operator's system. Non-limiting examples include: user status: subscriber, fan, patron, VIP, minor, etc.; token status: revoked, lost, used once in this event, etc.; device status: on-line, off-line, etc.
-   Steward, Club Steward: a user, direct employee, or indirect employee, e.g., a contract worker or volunteer, who typically facilitates the flow of attendees to their assigned seats, aids and directs users to services, supplies services or products to users, services off and on line access means, prevents illicit entry, actions or violence and thereby benefits the venue, place of work, users, and/or event operators.
-   Subscriber: a member of an operator-administrated community, such as football spectators who are fans of a specific team, patrons of a symphony orchestra, etc., who have typically acquired, in advance, the privilege of attending one or more events in a given time frame, typically called a “season”.
-   Successive addresses, successive values: addresses and/or values which are assigned according to a predetermined scheme. The predetermined scheme is not necessarily a sequential numbering or addressing scheme. Non-limiting examples of predetermined schemes for successive values include: 0, 2, 4, 6, 8, etc. (even numbers); 00h, 01h, 02h, 03h, 04h, 10h, 11h, 12h, 13h, 14h, etc. (hexadecimal, the first 4 bits of each word); and 0, 1, 2, 3, 4, 5, etc. (sequential numbers). Typically, in a word attribute listing, token IDs are sequentially-assigned, wherein tokens are numbered from x..x0..000h through x..xF..FFFh (hexadecimal), wherein all numbers in the given range are potential token IDs. In an embodiment of the present invention, compact binary listings utilize the least significant hexadecimal digit for a bit number ranging from 0 (zero) to 7, and each byte address includes a binary attribute for 8 token IDs.
-   Terminal, Token Reader: a device that typically retrieves data from tokens, and, in preferred embodiments, inserts data into the tokens, and computes functions, many of which are defined herein. In an arena, terminal functions are performed both by a token reader and a control box.
-   Ticket: a provable entitlement token. In preferred embodiments, tickets are typically tokens with limited entitlement, typically for single entry access, typically using reduced cost methods for proof of access, e.g., paper tickets with Magicon and organic black masked magnetic ink printed bar coded access authorization.
-   Ticket Office: typically, a location serving as the human operated computerized interface between users and the event operator. Ticket offices typically deliver tokens to entitled users and issue unique authorizations for after cut-off time entitlements.
-   Time-stamp: a provably-authentic digital declaration of the instant that a certain event occurred; e.g., the recorded instant on a token when a token holder negotiated the privileged attendance to a football match. Typically, such a negotiation declaration is for an event which occurred after the cut-off time.
-   Time and Attendance terminal: a closed-community access control terminal similar to other such terminals, with additional statistics-gathering capabilities, which can typically record time-of-entry and time-of-exit, and relays such information via on-line or manual off-line methods; such a terminal is typically connected to servers over wired or wireless networks, and can also share information with off-line terminals.
-   Token, ID token, personal token: any one of many such devices used in systems which benefit issuers and owners with varying levels of security (protection) depending on resources, costs, potential value to adversaries, loss of income or benefit, and/or liability. Examples of tokens include one or more of the following, used separately or together: smart cards or parts of smart cards; semiconductor or other circuits embedded in plastic or applied on paper or plastic; contactless or wired devices; bar-coded devices; devices with nonvolatile memory; devices with microprocessor control; devices with secret keys; devices with cryptographic protection, either symmetric or asymmetric; devices containing unique detectable material, color, hologram, picture of user, biometric information, user information typically difficult for an adversary to know, distinct defined attributes, and so forth. A token may appear not only in a smart-card derived device, but may also be installed in a timepiece, in a subcutaneous semiconductor device, on eyeglasses, etc. See “ID”.
-   Token holder, ID token holder: a user (see “User”) who, by presenting the ID token, typically seeks benefit and/or access to a controlled area or service by proving membership or other relevance to a closed community through the aid of the token.
-   Token reader: see “Terminal”.
-   Turnstile: an electrically-controlled mechanical device typically enabling single-direction access from one area to another, typically enclosed, area, and often enabling uncontrolled exit from such enclosed area. Typically, a control box issues a signal to the turnstile to release the gate lock, and allow a single user entrance.
-   Unique material: see “Smart Card” and “NMR”. Several types of substances which, when electromagnetically activated, emit resonance echoes, as described in U.S. Pat. No. 5,986,550. Alternative unique materials include, but are not limited to, materials and devices which emit unique optical spectrums and images, holograms, etc.
-   University: a venue whose mode of access and computerized control are exemplary of educational or commercial institutions in general, granting services and product to employees and users.
-   User: a holder of a token, who may be referred to directly or by implication as: a person, access requester, attendee, token holder, patron, spectator, viewer, subscriber, exhibitor, performer, participant, passenger, traveler, delegate, student, teacher, member, visitor, guest, player, employee, employer, manager, operator, driver, rider, or any combination thereof of members of the operator-administrated community.
-   Valid Time: the interval or intervals during which a granted entitlement is bona fide and acceptable, as in the Range of Times. See Range of Times.
-   Validation unit: an authentication unit or token terminal.
-   Venue: a place of interaction that benefits from access control, including, but not limited to: a stadium; a service; an arena; a theater; an amphitheater; a performance hall; a transportation terminal; a station; a convention center; a forum; a government installation; a payment scheme computer service; a chat room or Internet site; a clinic; a financial institution; a product vendor's computational site, internet, or otherwise networked group; a sports facility; a recreational complex; a country club; a night club; a private or public club; a secured computation complex; an educational institution; a membership club; a theme park; a hotel; a medical center or installation; a residential complex; a parking facility; a casino; a betting installation, a location, and computerized services thereof; a workplace; a military installation; a transport service or complex thereof. Such locations or entities are typically event-related, where computer-aided controlled access is utilized.
-   VIP (“Very Important Person”): an individual with preferred status in the community. In a non-limiting example, a VIP typically has reserved seating in a closed shaded box in a sports arena, with access rights to more than one restricted area in said arena, e.g., a lounge, a restaurant, etc.
-   Visual indicia (on posters according to embodiments of the present invention): text and/or graphics to guide a user holding a wireless handheld communicator in the processes of downloading and using applications and information as indicated on the poster. In a non-limiting example of a horse race application, visual indicia typically include: a guide to methods for registering a bet and collecting proceeds; a guide to methods for authorizing money transfer using the user's token; and a guide to methods for accessing results of other sports events, including a summation of the user's gains and/or losses.

Therefore, according to the present invention there are provided the following:

-   In a venue attended by a person holding a token containing a token ID, an access control system including: (a) a token reader operative to read the token ID of the token; (b) an operator-issued authenticator communicative with the token reader, the authenticator operative to output an authorization, the authenticator containing: (i) apparatus operative to establish authenticity of the token ID; and (ii) a list of acceptable token IDs, the list having a cut-off time; and (c) a passage controller operative to allow the person holding the token access to a predetermined area of the venue upon the passage controller's receiving the authorization; wherein the authenticator outputs the authorization upon detecting the token ID in the list of acceptable token IDs.
-   In a venue attended by a user holding a wireless handheld communicator, a data system for communicating information and data capabilities to the user, the system including: (a) a poster having an attached wireless token operative to communicate with the wireless handheld communicator, and operative to transmit data thereto and to receive data therefrom; and (b) visual indicia printed on the poster, the visual indicia operative to guide the user to perform a procedure for establishing data transfer between the attached wireless token and the wireless handheld communicator.
-   In a system of tokens, wherein each token has a unique token ID and describes an attribute of a token-holder, an attribute scheme for determining whether the attribute applies to the token-holder, the attribute scheme including: (a) a list associated with the attribute, the list containing a plurality of bits, wherein each bit has a bit value and a unique address, and wherein each of the token IDs corresponds to a bit of the plurality of bits; (b) a token-reader operative to read the token ID of the selected token and operative to access the list; (c) an authenticator communicative with the token reader, the authenticator operative to: (i) determine that the attribute applies to the token-holder based on the bit value of the bit corresponding to the token ID of the selected token; and (ii) determine that the attribute does not apply to the token-holder based on the bit value of the bit corresponding to the token ID of the selected token.
-   In a system of tokens, wherein each token has a unique token ID and conveys a privilege to a token-holder, an entitlement scheme for determining whether the privilege is revoked for a selected token, the entitlement scheme including: (a) a list associated with the revocation of the privilege, the list containing a plurality of bits, wherein each bit has a bit value and a unique address, and wherein each of the token IDs corresponds to a bit of the plurality of bits; (b) a token-reader operative to read the token ID of the selected token and operative to access the list; (c) an authenticator communicative with the token reader, the authenticator operative to revoke the privilege to the token-holder based on the bit value of the bit corresponding to the token ID of the selected token.
-   In a system of tokens wherein each token has a unique token ID and wherein a presented token thereof has a presented token ID and conveys a privilege to a token-holder, a method for preventing the presented token from being used more than once to exercise the privilege, the method including: (a) providing a list containing a plurality of bits corresponding to the token IDs of the tokens, the value of an addressable bit of which indicates that the privilege is conveyed to the token-holder; (b) providing a token-reader operative to read the presented token ID of the presented token and operative to read and change the value of the addressable bit; (c) providing an authenticator communicative with the token-reader, the authenticator operative to determine if the privilege is conveyed to the token-holder, the authenticator operative to grant the privilege to the token-holder, the authenticator operative to deny the privilege to the token-holder, and the authenticator operative to rescind the privilege to the token-holder; (d) having the token-reader read the value of the addressable bit; (e) having the authenticator confirm that the privilege is conveyed to the token-holder according to the value of the addressable bit; (f) having the authenticator grant the privilege to the token-holder; and (g) having the token-reader change the value of the addressable bit.
-   In a system of tokens, wherein each token has a unique token ID and describes a plurality of attributes of a token-holder, an attribute scheme for determining whether a selected attribute applies to the token-holder, the attribute scheme including: (a) a list associated with the plurality of attributes, the list containing a plurality of words, wherein each word has a unique address and contains a predefined number of bits, wherein each bit has a bit value and a bit position, wherein each of the token IDs corresponds to a word of the plurality of words, and wherein the selected attribute corresponds to a bit position; (b) a token-reader operative to read the token ID of the selected token and operative to access the list; (c) an authenticator communicative with the token reader, the authenticator operative to: (i) determine that the selected attribute applies to the token-holder based on the bit value of the bit at the bit position corresponding to the selected attribute in the word corresponding to the token ID of the selected token; and (ii) determine that the selected attribute does not apply to the token-holder based on the bit value of the bit at the bit position corresponding to the selected attribute in the word corresponding to the token ID of the selected token.
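The compact listings defined in the glossary (Lists, Numerical Address, Numerical Value, Predetermined bit value, Revocation List) and the bit-list attribute scheme, the revocation scheme and the pass-back prevention method enumerated in the items above can be seen together in the following C program for an off-line gate control box. It is an added illustration, not code from the patent or from Fortress GB Ltd. Everything beyond what the text states is an assumption constructed for the example: the five-hex-digit token ID width, placing the list number in the numerical address by shifting it 16 bits, the bit positions ATTR_EXPECTED and ATTR_USED in the byte list, the convention that a set bit means the attribute applies, the function names, and the sample token IDs.

```c
/* Compact activity lists for an off-line gate control box (added example).
 * Assumptions, constructed for this illustration and not taken from the patent:
 *   - token IDs are 5 hexadecimal digits, 0x00000..0xFFFFF;
 *   - a binary list stores one bit per token ID: byte address = ID >> 4,
 *     bit number = least significant hex digit, which must lie in 0..7
 *     (so each byte address carries the attribute of 8 token IDs);
 *   - a byte list stores one 8-bit attribute word per token ID, indexed by the ID;
 *   - in the byte list, bit 0 = "expected attendee" (read-only at the gate)
 *     and bit 1 = "already used at this event" (read/write at the gate);
 *   - a set bit means the attribute applies (the patent allows either polarity).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define COMMUNITY_IDS   0x100000u              /* number of possible token IDs */
#define BITLIST_BYTES   (COMMUNITY_IDS / 16u)  /* one byte address per 16 IDs */

#define ATTR_EXPECTED   0   /* bit position: token holder expected at this event */
#define ATTR_USED       1   /* bit position: token already used at this event */

enum gate_decision {
    GATE_ADMIT,              /* release the turnstile, normal indicator */
    GATE_REFUSE_BAD_ID,      /* ID outside the list's address space */
    GATE_REFUSE_REVOKED,     /* lost, stolen or disqualified token */
    GATE_REFUSE_UNEXPECTED,  /* holder not on the expected-attendee list */
    GATE_ALERT_PASSBACK      /* token already used: flash the steward's indicator */
};

static uint8_t  revoked_list[BITLIST_BYTES];  /* binary list, loaded before cut-off time */
static uint8_t  event_list[COMMUNITY_IDS];    /* byte list for the current event */
static uint32_t admitted_count;               /* crowd statistic polled by the server */

/* Bit number inside the byte address: the least significant hex digit of the ID. */
int bit_number(uint32_t token_id) { return (int)(token_id & 0xFu); }

/* Numerical address of a token's attribute in binary list `list_no`: the list
 * number concatenated with the byte address (the token ID with its last hex
 * digit dropped). For list 2 and ID 0x12E45 this yields 0x212E4, bit 5. */
uint32_t numerical_address(uint32_t list_no, uint32_t token_id) {
    return (list_no << 16) | (token_id >> 4);
}

bool token_id_valid(uint32_t token_id) {
    return token_id < COMMUNITY_IDS && bit_number(token_id) <= 7;
}

/* Revocation list: complementing the bit from 0 to 1 revokes the token. */
void revoke(uint32_t token_id) {
    if (!token_id_valid(token_id)) return;
    revoked_list[token_id >> 4] |= (uint8_t)(1u << bit_number(token_id));
}

bool is_revoked(uint32_t token_id) {
    return (revoked_list[token_id >> 4] >> bit_number(token_id)) & 1u;
}

/* Event byte list: the operator marks expected attendees before cut-off time. */
void set_expected(uint32_t token_id) {
    if (!token_id_valid(token_id)) return;
    event_list[token_id] |= (uint8_t)(1u << ATTR_EXPECTED);
}

/* Word-list attribute scheme: the bit at `bit_position` in the word for this ID. */
bool attribute_applies(uint32_t token_id, int bit_position) {
    return (event_list[token_id] >> bit_position) & 1u;
}

uint32_t admitted_so_far(void) { return admitted_count; }

/* One presentation at the turnstile: check revocation, then expectation, then
 * the used bit; on admission complement the used bit so that a token passed
 * back over the barrier is recognised as already used the second time. */
enum gate_decision gate_check(uint32_t token_id) {
    if (!token_id_valid(token_id))                   return GATE_REFUSE_BAD_ID;
    if (is_revoked(token_id))                        return GATE_REFUSE_REVOKED;
    if (!attribute_applies(token_id, ATTR_EXPECTED)) return GATE_REFUSE_UNEXPECTED;
    if (attribute_applies(token_id, ATTR_USED))      return GATE_ALERT_PASSBACK;
    event_list[token_id] |= (uint8_t)(1u << ATTR_USED);
    admitted_count++;
    return GATE_ADMIT;
}

int main(void) {
    /* Constructed sample: two expected attendees, one of whom is later revoked. */
    set_expected(0x12E45);
    set_expected(0x00007);
    revoke(0x00007);
    printf("address of 0x12E45 in list 2: 0x%05X, bit %d\n",
           (unsigned)numerical_address(2, 0x12E45), bit_number(0x12E45));
    printf("first presentation: %d (0 = admit)\n", (int)gate_check(0x12E45));
    printf("passed back:        %d (4 = alert)\n", (int)gate_check(0x12E45));
    printf("revoked token:      %d (2 = revoked)\n", (int)gate_check(0x00007));
    printf("admitted so far:    %u\n", (unsigned)admitted_so_far());
    return 0;
}
```

The binary list costs one bit per token ID (64 KiB here for a million IDs), which is the memory saving the glossary attributes to bit listings for door locks and control boxes; the byte list trades eight times the memory for eight attributes per holder. Both lists are only as current as their cut-off time-stamp, so a device holding them should treat any entitlement granted after that instant as an override to be proved by the token itself, as the Override entry describes.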

BRIEF DESCRIPTION OF THE DRAWING

The invention is herein described, by way of example only, withreference to the accompanying drawings, wherein:

FIG. 1 is a top-level illustration of the off-line/on-line securitysystem of a sports arena operative to use a plurality of features andfunctions for regulating spectator activities both inside and outside ofthe enclosed arena area using a multiplicity of schemes to enhance bothsecurity and required functionality.

FIG. 2 is a top-level illustration of computer controlled securitysystems encompassing the activities of university students and employeesin and around the university campus, with a multiplicity of schemes,typically relevant but not limited to: universities and colleges;convention centers; forums; recreational complexes; membership clubs;hotels; medical centers; workplaces; residential complexes; parkingfacilities; betting establishments; casinos; and transporters, e.g.,subscribers to free transportation in a given time frame.

FIG. 3 is a flow chart of the central control functioning to securelyprovide accelerated off-line monitored entrance of crowds into an arenawith the ability to provide on-line crowd statistics to assure safepunctual inauguration of a mass attended event.

FIG. 4 is a flow chart of the control unit functioning to securely allowoff-line entrance to a student dormitory for students and authorizeduniversity employees.

FIG. 5 is a simple depiction of the compact listings operative to enableaccelerated timely authentication of status of tokens and system users,especially designed for off-line devices with limited memory capacities,e.g., hotel and dormitory door locks with small cost sensitiveelectronic circuitry, and for arena control boxes controlled by smallmicrocontrollers, etc.

FIG. 6 is a simple depiction of a multi-system smart card styledpersonal identification token operative to communicate either viaelectronic wired connections (contact type smart card); or via radiofrequency near field communication (contactless type smart card), with aan imprinted shape, a Magicon, of uniquely detectable proprietarymagnetically resonant material; with a unique issue number.

FIG. 7 is a simple depiction of a near field contactless token terminal with an internally embedded antenna operative to communicate with tokens with antennas and collaborating microchips, and also to cause unique magnetic resonance in proprietary material of FIG. 6, and with circuitry and computerized methods to detect such resonance.

FIG. 8 is a simple depiction of a user presenting a token to a wireless token authentication terminal described in FIG. 7, wherein said token has one or more attributes pertinent to those described in FIG. 6.

FIG. 9 is a simplified description of devices typically used at a turnstile, pertinent to allowing user passage through the turnstile barrier: a contactless token, the token authenticating terminal, the turnstile, and the status light indicator.

FIG. 10 is a schematic depiction of a steward with a hand held PDA type computer; typically such computerized wireless communicating devices are operative to enhance security, ensure proper use of discounted tokens and provide user friendly services assuring safe timely seating of crowds in the arena.

FIGS. 11A and 11B are schematic depictions of clusters of entrance turnstile gates with sub-system control boxes, in both figures, and closed circuit television for people monitoring in FIG. 11A. The sub-systems are designed for off-line crowd control with intermittent on-line auditing.

FIG. 12 is a schematic depiction of a preferred embodiment of the central secured token issuing station, typically operative to process and prepare ID tokens, typically smart cards and paper tickets, compliant with levels of security and systems administration's methods. Typically this central unit prepares listings for off-line authentication.

FIG. 13 is a schematic depiction of a preferred embodiment of a mobile telephone system operative to communicate with a wireless token and to detect counterfeited devices in a near field. Such devices, without NMR detection attributes, are described in applicant's Provisional U.S. application No. 60/565,393.

FIG. 14 is a schematic depiction of a preferred embodiment of a personal computer system, an Intellifier, operative to communicate with wireless tokens and to detect counterfeited devices in a near field.

FIG. 15 is a schematic of a preferred embodiment for down-loading access and priority listings, where data are downloaded into hand held computer devices with interfacing connectivity to secured door locks, points of sale, gate clusters and other terminal devices, operative to prepare said devices for future secured events and negotiations.

In applications in FIGS. 16, 17 and 18, in alternate preferred embodiments, the poster may guide the user with information on how to communicate and download the proposed application and information; e.g., using popular mobile phone wireless channels.

FIG. 16 is a schematic depiction of a preferred embodiment of a wireless system, operative to convey authenticated information from a poster with an attached semiconductor device and an authentication substance provably of unique origin.

FIG. 17 is a schematic depiction of a preferred embodiment of a wireless system, operative to convey authenticated information from a poster with an attached semiconductor device and an authentication substance provably of unique origin.

FIG. 18 is a schematic of a preferred embodiment of a wireless system, operative to convey authenticated information from a university poster with an attached semiconductor device, which is downloaded to a mobile phone.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

In FIGS. 1 and 2, two distinctly different closed group computerized systems are depicted, based on similar innovative personal identification means operative to benefit system operators and users. In both systems, confidential regulation is based on personal identification tokens, 5, operable to assure a measure of security commensurate with available resources and level of implementation; e.g., on line betting using mobile phones with Intellifiers, 530, and applications with the cluster of Posters, 215, in FIG. 2, in preferred embodiments are deployed with modern security systems compliant with the Europay, MasterCard or Visa (EMV) smart card based system specifications, implemented with combinations of contact and contactless smart cards.

The Arena system of FIG. 1 is networked to a server system, 10, connected to token issuing station, 20, and to a ticket and report printer, 160, operative to assemble and control a secure data base of status of users in the community, and at appropriate cut-off times to assemble and distribute compact status lists, see FIG. 5. The server system is also operative to serve as a wireless gateway to mobile telephones, 85, and to hand-held PDAs, 100, which help stewards, 60, control crowds, and to interface elements, 90, between server, 10, in the event that network, 15, has failed, all or in part. The issuing station typically initializes and personalizes tokens, 5, for distribution months before the relevant sport's season. Prior to events, the issuing station, 20, prepares status listings, typically for gate cluster control boxes 50 and 52; for point of sale units, 140 (clustered into subsystem, 145); for a kiosk, 170, to aid users with timely information; for betting computers, 130, clustered in subsystem 135; for stewards' PDAs, 100; for disbursed personal computers, 120, with Intellifiers, 530, in subsystem 125 for use in arena ticketing offices, in corporate users' offices, in operators' and agents' premises, etc.

The hardware output, 165, of the issuing station and the report printer is typically delivered by conventional means, e.g., delivered by priority mail services and hand delivered at the operator's ticket offices. Users' mobile phones, 80, with Intellifiers, 530, clustered in mobile phone networks, 85, are typically used for purchasing product, tickets, and for betting.

Typically a steward, 60, is stationed opposite clusters of controlled gates, 30 and 40, operative to monitor the in-flow of attendees and to aid such individuals in finding their way to their seats. A part of the troop of stewards with PDAs, 65, with status lists and token terminal functions, is typically patrolling the stadium grounds and the incoming crowd, operative to assure family friendly movement of entitled users to their seats and to detect illicit activity. While users are entering the arena, typically, the central server, 10, polls the entrance systems, 35, via the control boxes, 50 and 52, operative to collect statistics relevant to the flow of the entering crowd and the filling up of each section of the arena, typically complying with fire and police department rules and crowd control regulations. Typically information relevant to unruly or potentially unruly individuals will be relayed to the arena control room, not depicted. Typically, images from the control box closed circuit television system, 52, of selected individuals or groups are digitally photographed with closed circuit television cameras, 260, and displayed on control box monitor, 265, prior to relaying said image on fixed line network, 15, or by alternate wireless means. In high-security systems, typically, suspect images are visually and digitally compared with images stored, typically, in the secured server, 10. In a preferred embodiment, when a user with a record of unruly behavior passes the turnstile, control boxes 50 and 52 are operative to signal stewards, 60, and the central control room.

Secured cluster, 30, and higher security cluster, 40, are each off-line regulated clusters of individual gate systems, 150. A gate system, 150, consists of a token terminal, 250, a turnstile, 280, and a light indicator, 270. Typically the token terminal will check the relevance of the token in the system, and pass the result of the relevancy check to the control box, either 50 or 52. If the result is positive, the control box typically checks if the token represents a user on the expected list. If so, and a previous token has not “proved itself” to be “identical to” the same token, the control box typically emits a release signal to the turnstile lock, thereby allowing, typically, one person to pass the turnstile. Typically, milliseconds later, the control box causes a visual signal to appear on one of the light indicators, notifying a steward, 60, of the class of token that activated the system, to assure that an adult was not using a minor's concession token. In the event of illicit attempted entry or wrong choice of gate entry, the light indicator, 270, typically would flash red to request immediate consideration by a steward, 60.

A Gatemaster, 90, is a peripheral useful to manually download relevant lists to gate control boxes, 50 and 52, to points of sale, 140, to betting terminals and to all authorized system devices. Typically, all gating systems are battery backed, and are capable of operating off-line, typically, pendant only to their having been loaded with valid operational listings. In preferred gate cluster embodiments the listing would have more than the single bit basic attribute, “expected” or “not or no longer expected”; e.g., other typical optional attributes: the token owner “is” or “is not” a VIP; the token holder “is” or “is not” a season subscriber; “is” or “is not” a minor; the token applicant “has” or “has not” a record of unruliness in the last 12 months; etc. Manual downloading of listings is relevant to points of sale, 140; to betting terminals, 130; to ticket office computers in 125; and to Intellifier interfaces, 530, which are depicted on point of sale terminals, 140, on disbursed PCs, 120, and on mobile phones, 80. In preferred embodiments, stewards' PDAs are operative to upload statistics from control boxes, 50 and 52, typically when said control boxes are temporarily off-line.

FIG. 1 does not depict mobile phone and other remote poster driven betting applications; such applications, typically relevant to sport arenas, are depicted in FIGS. 16 and 17.

Due to the normal off-line functioning attributes of the subsystems, the inflow of users is typically minimally affected when a network fails, or a single control box is inoperative.

The University token controlled system of FIG. 2 is networked to a system server, 10, and to an application gateway server, 12. The token issuing station, 20, typically initializes and personalizes tokens, 5, typically at the outset of the school year. The token issuing station, 20, is operative to control and update a secure data base of users' status. In preferred embodiments, the ticket and report printer, 160, is typically operative to issue one-time paper ticket tokens and to issue status reports for the operator. The hardware output, 165, of the issuing station and the report printer is typically delivered by conventional means, e.g., priority mail services and at university offices.

In preferred embodiments, prior to events, and at instants when tokens change status, e.g., students leave the university or tokens are lost, the issuing server, 20, prepares status listings for the sport arena, 70, and other restricted university events; for points of sale units, 140 (clustered into subsystem, 145); for kiosks, 170; for time and attendance units, 190, disbursed in the campus; and for disbursed personal computers, 120, with Intellifiers, 530, in subsystem 125 for use in university administration offices and in university laboratories.

Dormitory (halls in the UK) doorlocks, 205, are off-line battery backed units for granting controlled, time of day and date dependent access. In preferred embodiments, typically, issuing station, 20, downloads activity lists to PDAs, operative to securely update doorlock access entitlement lists via the Door Master, 95, interface. Issuing station, 20, programs into each entitled user's token, 5, a provable entitlement to open one or more designated door locks for suitable ranges of times. If an entitling token is lost or stolen, a university employee with a PDA and Door Master typically will have to complement only the lost token's bit in the “activity list” in the specific entitled doorlock or doorlocks. Other activity lists are typically securely updated over the network, 15.

An authorized token, 5, is operative to prove access entitlement to the doorlock's internal electronic controller, which typically connects the doorlock handle to the tongue of the door mechanism, operative to enable the token holder to open the designated dormitory door.

A user's mobile phone, 80, typically with an Intellifier, 530, clustered in a mobile phone network, 85, is typically used to purchase access to university events, and to download application programs and data relevant to activities driven by posters, 220. Typically, when using a mobile phone for a poster driven purchase, the token holder will prove agreement to a financial agreement using cryptographic attributes and means of the user's token.

The university arena subsystem, 70, typically includes the same essential elements as the arenas of FIG. 1, typically with lower levels of unruliness and less esoteric security constraints. Tokens and “expected attendee lists” serve similar functions.

The Door Master, 95, is a peripheral interface useful to manually upload stored data from system devices via a PDA, 100, e.g., which token users gained entry to a system device; to download system applications and computer programs; and to download relevant lists, see FIG. 5, to a dormitory (hall, UK) door lock, 200, in the cluster of all of the computerized door locks, 205; to a point of sale, 140, in the assembly of all of the community's points of sale, 145, via an Intellifier, 530, in any authorized device; to a poster semiconductor application device, 400, in the application poster, 213, in the subsystem of application posters, 220; to a kiosk, 170, in the subsystem of kiosks, 175; to a time and attendance device, 190, in the subsystem of time and attendance devices, 195, e.g., at entry points to the university campus, at entry points to university laboratories and lecture halls; and to other authorized system devices.

Typically, off-line devices are battery backed, typically operative for two or more years before necessary battery replacement. On-line devices are typically battery backed with power-line battery chargers, to assure constant off-line service during power outages and brown-outs. Criteria for activity lists are obvious, including but not limited to: expected attendance, absence of delayed payments in the last 12 months, membership in good faith of students and faculty, etc.

Application server, 12, is operative to download applications and data to a poster's contactless semiconductor token, 213, and to the collection of posters, 215, and to regulate further negotiations between users and applications typified by poster, 212, in FIGS. 2 and 18.

FIG. 3 is a self explanatory flowchart of Fortress GB Ltd's proprietary method of accelerated management of the entrance of football spectators into a sport arena. The process of allowing spectators to pass through the turnstiles is essentially an off-line procedure, capable of proceeding during intervals of unexpected power outages and failed computer networks.

FIG. 3 is a simplified flow chart of the principal activity of crowd control in a sports arena, relevant to the cluster of entrance apparatus, 35, of FIG. 1. At introductory and background step, 3500, prior to activating apparatus, 35, activity status lists are downloaded into gate controllers (control boxes) 50 and 52; and while gates are operative to allow entry to the arena, the central server, 10, polls said gate controllers for timely statistics of flow of attendees and notification of irregular events. Steps 3620, 3630, 3660 and 3690 typically result in denial of entry to an unentitled token user, resulting from queries 3520, 3540, 3560, 3570, 3590 and 3595. The queries determine if the applicant token belongs to the system, if the token is on the “expected attendee list”, if the entry point is compliant with the seating arrangement allotted to the applicant, and if the applicant activated the turnstile in the allotted time interval. Negative answers to such queries typically cause denial of entry.

Step 3580 describes the basic activities of the gate cluster control box, typically: to log access details; to complement the bit in the “expected attendee list”; to signal an indication to the steward, e.g., energize a lamp in the light indicator, FIG. 1, 270; to send an auditory signal to alert a steward (not depicted in FIG. 1); and for a short time interval to energize an unlocking device operative to allow a single authorized user to pass the turnstile.

Query 3670 typically verifies if a token represents the last applicant, and if this applicant did not succeed in activating the turnstile in the allotted interval. In such cases, step 3675 activates the turnstile unlock for the timer interval. Subsequent to the applicant's entry into the restricted area, step 3695 updates the entrance audit statistics, which are transmitted when server, 10, polls the control box.

The transmitted lists are time-stamped with the date and time of last update, the “Cut-Off Time”. Typically, any “provably valid” token which is not included in the “Active List”, having received entitlement after the “Cut-Off Time”, will have provable mention of entitlement in the token memory with the corresponding time of issuance of said entitlement. Typically, the token will include the specific seat in the seating entitlement.

Typically, the control “box” of a cluster of gates is operative to accept and reject users with contactless tokens. Typically, several hours prior to opening the gates to allow spectators' entrance to the stadium, the issuing station, 20, prepares “activity lists”, depicted in FIG. 5, to be downloaded into control boxes, and into club stewards' PDAs, 100.
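The gate decision sequence of FIG. 3 as an added example, not code from the patent or from Fortress GB Ltd.: an off-line control box applies the checks in the order the page lists them, honours a post-“Cut-Off Time” entitlement carried in the token, and re-releases the lock for the last applicant who missed the unlock interval (query 3670, step 3675) instead of treating the second presentation as a pass-back. All class and field names, the lamp colours and the sample tokens are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Token:
    index: int                     # token index number in the community
    system_proof_ok: bool          # the terminal's relevancy check passed
    section: str                   # seating section in the token's entitlement
    minor: bool = False            # concession class, to be shown to the steward
    entitlement_issued_at: Optional[float] = None  # time of a post-cut-off entitlement


@dataclass
class ControlBox:
    gate_section: str                       # section this gate cluster serves
    cut_off_time: float                     # last update time of the downloaded lists
    expected: set                           # "expected attendee list" (token indexes)
    unlock_seconds: float = 5.0             # interval the turnstile lock stays released
    used: set = field(default_factory=set)  # tokens whose "expected" bit is complemented
    log: list = field(default_factory=list)
    admitted_count: int = 0                 # audit statistic polled by the server
    last_unlock: Optional[tuple] = None     # (token index, time of release)
    turnstile_rotated: bool = True

    def _deny(self, token: Token, now: float, reason: str):
        self.log.append((now, token.index, "denied", reason))
        return "deny", "red"                # red lamp: steward to attend

    def decide(self, token: Token, now: float):
        """Return (action, lamp) for a presented token; action is unlock or deny."""
        # Query 3670 / step 3675: the last applicant's interval passed unused, so
        # release again for the same token instead of treating it as a pass-back.
        if (self.last_unlock is not None and self.last_unlock[0] == token.index
                and not self.turnstile_rotated):
            self.last_unlock = (token.index, now)
            self.log.append((now, token.index, "re-released"))
            return "unlock", "green"
        if not token.system_proof_ok:
            return self._deny(token, now, "token does not belong to the system")
        entitled_after_cut_off = (token.entitlement_issued_at is not None
                                  and token.entitlement_issued_at > self.cut_off_time)
        if token.index not in self.expected and not entitled_after_cut_off:
            return self._deny(token, now, "not on expected attendee list")
        if token.section != self.gate_section:
            return self._deny(token, now, "entry point does not match seat")
        if token.index in self.used:
            return self._deny(token, now, "token already used at this event")
        # Step 3580: log, complement the expected bit, signal the steward, unlock.
        self.expected.discard(token.index)
        self.used.add(token.index)
        self.log.append((now, token.index, "admitted"))
        self.last_unlock = (token.index, now)
        self.turnstile_rotated = False
        return "unlock", ("amber" if token.minor else "green")

    def turnstile_passed(self, now: float) -> bool:
        """Step 3695: count the entry only if the rotation fell inside the interval."""
        if self.last_unlock is None or self.turnstile_rotated:
            return False
        if now - self.last_unlock[1] > self.unlock_seconds:
            return False                    # lock re-engaged; applicant must re-present
        self.turnstile_rotated = True
        self.admitted_count += 1
        return True

    def poll_statistics(self) -> dict:
        """What server 10 collects when it polls the box during the event."""
        return {"admitted": self.admitted_count,
                "denied": sum(1 for e in self.log if e[2] == "denied"),
                "still_expected": len(self.expected)}
```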

FIG. 4 is a flow chart of the control unit functioning to securely allow off-line entrance to a student dormitory for students and authorized university employees. The scheme, typically, has relevance for other access control embodiments described in this patent.

Introductory step 4500 describes system deployment of tokens and apparatus, depicted in FIG. 2. Tokens, 5, in FIG. 2, are issued to users, with authorization to enter specified rooms at defined times and dates. Doorlocks, 205, are installed with appropriate activity lists, see FIG. 5. Such lists enable activation of the unlocking device in a doorlock, 200, if the token can prove authorization, and if updated activity lists in the door do not negate prior authorization.

As door locks are energized by inexpensive batteries, typically with an expected life of two or more years, under normal conditions the electronic unit is in a minimum current consumption state, “sleep mode”, where typically only a real time clock will be active between token activations. At step 4510, the token is inserted into the doorlock, typically closing a switch, awakening the door lock microcontroller.

After activation of the controller in step 4520, the controller tests for proof of relevancy to the community. Typically, this process includes determining if the token is able to communicate with the doorlock controller, and to prove that the token was personalized by the university.

At step 4530, the doorlock controller verifies the result of step 4520, to see if the device is a device of a type issued by the university, and was personalized by the university. At step 4540, the doorlock controller verifies if the token holder is a certified member, and at 4550, if the applicant has applied for access within the priority time interval certified in the token. At step 4560, the controller checks the university's certificate to verify if the token was authorized for entrance to the specific room. If the conclusion of any of the previous queries is negative, the controller in step 4595 signals denial of access, and reverts to the minimum current consumption sleep mode, wherein, typically, only the real time clock and calendar is active.

Step 4570 is necessary to ascertain if, after personalization, the access entitlement of the token or token holder has been revoked by the university. Such revocation is typically a result of a student's leaving the university, or of the token having been lost or stolen. If the user's bit in the activity list has been complemented, step 4580 causes denial of access. If the answer is positive, the controller typically records the access time in both the doorlock memory and in the token, and energizes the unlocking mechanism in the door for a defined, typically few second, interval, allowing the token holder to enter the dormitory room.

FIG. 5 is a simple depiction of the use of compact listings operative to enable accelerated timely authentication of status of tokens and system users. Originally, this listing structure was designed for off-line and on-line devices with limited memory capacities, e.g., hotel and dormitory door locks with small cost sensitive electronic circuitry. In such instances, the answer to a query of the activity list was a simple yes or no: “is the applicant's token in the list of viable tokens?” In systems similar to FIGS. 1 and 2, disbursed devices with larger memories execute a plurality of complex functions, which typically demand a larger variety of token holder attributes.

For limited questioning, typically, the binary file structure, 300, is sufficient. In this example, a verifying device is programmed to answer query, 320, whether in list #2 user number 12e45H has a positive attribute.

Token index number 12e45 is represented in list #2, at byte address 212e4, at bit number 5. Note, the most significant hex digit of the address is the list number, and the least significant digit of the token index number, 5, is the 5th least significant bit of the byte, 330, at address 212e4H. Assuming 1 is yes, the answer to the query, 340, is yes.

In activity list structure, 315, each byte represents one token, with 8 bits representing 8 binary attributes. Query, 325, signifies a request of binary knowledge of the 4 attributes represented by the 4 least significant bits, “efgh”, of user number 12e45H in List #2. Data in address 212e45H is 01100101. In this sample, bit f=1 and bit h=1; and bits e and g are zeroes. Attributes f and h, therefore, are “Yes” and attributes e and g are “No”. As all consecutive index numbers of tokens in this closed system represent either a token that was issued and is presently certified, or a token that may be issued and certified for concurrent use, the memory is minimal, and the search in the listing is quickest, deterministic and immediate. User numbers can be recycled once the certified expiration date has passed. This proprietary attribute has enabled Fortress GB Ltd. to lead the competition in the size of communities enabled in simple electronic devices with limited on board memory.
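The two FIG. 5 layouts as an added example, not code from the patent or from Fortress GB Ltd.: structure 300 keeps one bit per token index, structure 315 one byte per token with attributes a..h (a the most significant bit, h the least), and both are indexed directly by token number, so a lookup is one address computation with no search. One assumption differs from the page's hex-digit addressing: bits are packed the conventional way, byte = index >> 3, bit = index & 7 (which also lands 12e45H on bit 5); the community size, list numbers and the complement-on-use helper are constructed, while the sample index and the 01100101 byte are the page's own.

```python
ATTRIBUTES = "abcdefgh"   # attribute a is the most significant bit of a byte


class ActivityLists:
    """Per-list bit vector (structure 300) and byte vector (structure 315)."""

    def __init__(self, community_size: int):
        # Every index below community_size is either an issued token or one that
        # may be issued later, so each table is allocated once, at full size.
        self.community_size = community_size
        self.flag_bytes = (community_size + 7) // 8
        self._flags: dict = {}    # list number -> bytearray, one bit per token
        self._attrs: dict = {}    # list number -> bytearray, one byte per token

    def _check(self, token_index: int) -> None:
        if not 0 <= token_index < self.community_size:
            raise IndexError(f"token index {token_index:x}H outside the community")

    # structure 300: a single yes/no attribute per token
    @staticmethod
    def flag_address(token_index: int) -> tuple:
        """Byte offset and bit number holding this token's single-bit flag."""
        return token_index >> 3, token_index & 7

    def get_flag(self, list_no: int, token_index: int) -> bool:
        self._check(token_index)
        table = self._flags.get(list_no)
        if table is None:
            return False          # a list never downloaded answers "no"
        byte, bit = self.flag_address(token_index)
        return bool(table[byte] >> bit & 1)

    def set_flag(self, list_no: int, token_index: int, value: bool) -> None:
        self._check(token_index)
        table = self._flags.setdefault(list_no, bytearray(self.flag_bytes))
        byte, bit = self.flag_address(token_index)
        if value:
            table[byte] |= 1 << bit
        else:
            table[byte] &= ~(1 << bit) & 0xFF

    def complement_flag(self, list_no: int, token_index: int) -> bool:
        """Flip the bit, as a gate does after admission or a door lock does when a
        lost token is revoked (constructed helper); returns the new value."""
        new_value = not self.get_flag(list_no, token_index)
        self.set_flag(list_no, token_index, new_value)
        return new_value

    # structure 315: eight named attributes per token
    def set_attribute_byte(self, list_no: int, token_index: int, value: int) -> None:
        self._check(token_index)
        table = self._attrs.setdefault(list_no, bytearray(self.community_size))
        table[token_index] = value & 0xFF

    def get_attributes(self, list_no: int, token_index: int,
                       names: str = ATTRIBUTES) -> dict:
        """Answer a query such as 325: the requested attributes as yes/no."""
        self._check(token_index)
        table = self._attrs.get(list_no)
        value = table[token_index] if table is not None else 0
        return {n: bool(value >> (7 - ATTRIBUTES.index(n)) & 1) for n in names}

    def memory_bytes(self) -> int:
        """Total listing memory a device must hold for the lists it was given."""
        return sum(len(t) for t in list(self._flags.values()) + list(self._attrs.values()))


def fig5_sample() -> ActivityLists:
    """Constructed listing reproducing the page's queries 320 and 325."""
    lists = ActivityLists(community_size=0x100000)    # 2^20 indexes (constructed size)
    lists.set_flag(2, 0x12E45, True)                   # query 320: answer "yes"
    lists.set_attribute_byte(2, 0x12E45, 0b01100101)   # query 325: f and h are set
    return lists
```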

FIGS. 6, 7, and 8 demonstrate several combinations of means to ensure accelerated and/or steward monitored access to closed arenas. Prior art bar-code readers and Magicon verifiers, typically hand-held, are not depicted.

FIG. 6 is a simple depiction of a multi-system smart card styled personal identification token, 5, with an embedded semiconductor integrated circuit, 400, operative to communicate either via electronic wired connections, 410, (contact type smart card); or via a radio frequency near field communication antenna, 420, (contactless type smart card); with an imprinted shape, a Magicon, 430, of uniquely detectable proprietary magnetically resonant material; an 8 digit number printed by a counter in Arial font, 6 pt size letters in dark blue with secret ink, 495; with a passport type photograph of the token holder, 490; and with a bar-code imprint, 440, operative to convey data to a bar-code reader. In preferred embodiments, said bar-coded data, 440, is imprinted with magnetic ink, typically disguised with a black non-magnetic covering imprint, typically preprinted, not depicted. Such black covering, either preprinted or printed after unique bar-coding, does not deter a magnetic ink bar-code reader. Typically, in preferred embodiments, disguised magnetic bar-coding and/or proprietary Magicon imprinting may be applied as an additional deterrent to adversaries, after original personalization of tokens; e.g., Magicons may be applied with a poor binder to an “away” ticket, at an arena, outside of the entrance, when each applicant's token is verified; in preferred embodiments, a disguised bar-code or a Magicon may be applied when a subscription token is re-personalized for an additional season. The passport photo of the token owner is especially important for stewards' accelerated verification of holders of reduced price tokens; e.g., light indicators in FIG. 1 and FIG. 2 alert stewards when reduced price tokens enable token holders to enter a closed arena area.

FIG. 7 is a simple depiction of a near field contactless token terminal, 250, with an internally embedded antenna, 250, operative to communicate with tokens with antennas and collaborating microchips, and also to cause unique magnetic resonance in Magicons, 430, of FIG. 6. Not depicted is internal currently available circuitry operative to detect authentic Magicons, and currently available circuitry, 441, to read bar-code, 440, typically imprinted with magnetic ink, and to communicate with tokens via the token's antenna, 420, in FIGS. 6 and 8.

FIG. 8 is a conceptual diagram, not to scale, of a token holder, 480, pressing a token, 5, into the near field, 460, to enable authentication by the token terminal, 250, operative to authenticate validity of the token, wherein said token has one or more attributes pertinent to those described in FIG. 6, wherein at least one attribute proves relevance to the system, and at least one attribute relates to identification of the token holder.

FIG. 9 is a simplified description of devices and methods in preferred embodiments, 150, useful at a turnstile, pertinent to allowing user passage through the turnstile barrier, 280. As in FIG. 8, user, 480, typically presses a token, 5, into the terminal's, 250, near field detection field, 460. In preferred embodiments the terminal's antenna, 450, is operative to communicate with the token's antenna, 420, and also to detect community membership via Magicon, 430. The token's bar-code, 440, is operative to be read by bar-code reader circuitry, 441, typically enabled to read magnetic ink barcode. Turnstile, 280, is typically as schematically shown in 280, but may be any of a variety of ubiquitous electronically controlled barriers. Indicator lights, 270, are any of a combination of FIG. 1, control-box, 50, or 52, regulated indicators and devices operative to call the attention of steward, 60, of FIG. 10, to exceptional or ordinary applicants. Ordinary applicants are typically token holders who have paid full price for admission to an event. Exceptional applicants may be token holders with valid tokens, e.g., users requesting entrance at the wrong section of the arena, who will typically need a steward's assistance, or minors, who are typically observed by stewards, operative to assess the applicant's age and/or to compare the applicant's facial features to the image, 490, on the token. Other typically exceptional applicants include token holders with faulty or fraudulent tokens, or tokens that have been previously used to gain entrance to the event (passed-back tokens), or subscription holders' tokens which have been recycled as operator's buy-backs. In preferred embodiments, stewards' PDAs are equipped with bar-code readers, NMR detectors to authenticate Magicons, and contactless smart card readers.

FIGS. 11A and 11B are simplified schematic depictions, 30 and 40, of clusters of entrance turnstile gates, 150, without closed circuit television monitoring in FIG. 11B, and with a sub-system control-box and CCTV imaging apparatus for people monitoring. The sub-systems are designed for off-line crowd control with intermittent on-line auditing by server, 10, FIG. 1, for crowd gathering statistics. Typically, the central server preloads access, priority and allowance listings, described in FIG. 5, for accelerated crowd control. Control-box sub-system, 52, performs the normal functions of control-box sub-system, 50, of FIG. 1, typically ascertaining, authenticating, and recording expected “non-exceptional” token holders' entrance into the restricted arena area, typically on their way to be seated in the arena, while analyzing and transmitting statistics of such movements. “Exceptional” functions of control-box sub-systems, 50 and 52, typically involve alerting the operator's stewards, 60, to intervene to aid and direct applicants as outlined in the explanation of FIG. 9. Typically, the control-box subsystems, 50 and 52, will locally record use of an authenticated token in a listing of FIG. 5, and typically are operative to locally detect attempted illicit use of a token and to record suspect faulty or forged token usage in proprietary listings of FIG. 5. During the process of admitting token holders into the restricted areas, control-box subsystems are operative to function during periods of network and power outage failures, as complete off-line entities. When the arena's network, 15, is operative, central server, 10, intermittently polls control-box sub-systems, 50 and 52, to assemble estimations of percentages of attendees who are already seated. When threshold estimated percentages are reached, typically, a last call will be broadcast to lounges in the arena, requesting all attendees to proceed to their designated seats. In preferred embodiments, control-box subsystems, 50 and 52, are networked to the central server's wireless gateway, typically as a fall-back to the fixed-wire network, 15 (FIG. 2).

Closed circuit television cameras, 260, of control-box 52 are operative to record images of applicants entering, and/or attempting to enter, the restricted arena area. In preferred embodiments, such images are linked to token holders' index numbers in the server's data base via the listing service described in FIG. 5. Operators typically have options to record and display exceptional applicants, including those applicants whose tokens fail to provide affirmative proof of meeting the operator's criterion of approval to enter at a defined section of the arena.

FIG. 12 is a schematic depiction of a preferred embodiment of the central secured token issuing station, 20, of FIG. 1, typically operative to process and prepare ID tokens, typically smart cards and paper tickets, compliant with levels of security and systems administration's methods. Typically this central unit prepares proprietary listings, as depicted in FIG. 5, for off-line authentication prior to events. Unit 500 is a schematic description of a variety of initialization and personalization devices, wherein a large number of un-personalized smart cards are introduced into an automatic smart card feeder, 501. The process of initialization typically includes activating tokens to internally generate, or for the issuing station to insert, secret cryptographic keys, which are operative to prove to a community terminal the validity of the token's identity and priorities. Preferred embodiments of issuing stations imprint passport type images, 490, FIG. 9, identifying information of the token user, bar-code identifiers, etc. on smart card type devices. Personalized tokens are typically loaded into output magazine, 502.

FIGS. 13 and 14 are schematics of the elements of interfacing a token, 5, with a mobile telephone with an Intellifier, 80, and a personal computer Intellifier, 520, both of which are described in applicant's U.S. Provisional Patent Application No. 60/565,393, operative to communicate with said token via Intellifier antenna, 510, and token antenna, 420. In preferred embodiments circuitry as sold by Micro Tag Ltd is operative to emit electromagnetic signals via the Intellifier antenna, to activate and detect identifying frequencies resonated by Magicons, 430. Switch, 515, in FIG. 13, and switch, 521, in FIG. 14, are operative to activate Intellifier circuitry by the user, when placed in close vicinity to a semiconductor module, 400, as depicted in FIGS. 13, 16, 17, and 18. Such limited interval activation is necessary to conserve battery backed energy supplies in mobile telephones and lap-top computers.

FIG. 15 is a schematic of preferred embodiments for down-loading access and priority listings, 300, FIG. 5, from issuing station, 20, FIGS. 1, 2 and 12, typically to devices which are temporarily or permanently not networked or otherwise communicating directly with closed community devices. The issuing station converts relevant data from the confidential closed community data base into activity listings for dispersed devices. Listings, 300, in proprietary Fortress GB Ltd. activity files, are downloaded into hand-held computer devices, PDAs, 100, equipped with: Door Master, 95, with interfacing connectivity to secured door locks; and/or Gate Master, 90, operative to update subsystem control-boxes, 50 and 52, and points of sale, 140, and other devices, operative to prepare said devices with the necessary status of tokens for future secured events and negotiations.

Door Lock, 200, is typical of door locks outfitted with Fortress GB Ltd. proprietary door lock controllers. Initial personalization of the door lock and subsequent updating of activity listings in door lock, 200, are enacted with programs and activity lists, typically downloaded from issuing station, 20. Door lock circuitry typically consists of: a microcontroller with non-volatile memory; an external LED, 630, to signify proof of approval of the token to unlock in a given time frame, the time interval allowance being checked against an internal battery-backed real-time clock and calendar; an internal battery; a smart card reader terminal, operative to activate, read and verify inserted token, 5, FIG. 2; and a solenoid to connect door handle, 600, to door-lock tongue, 640, for a limited number of seconds, to enable an authorized token holder to enter the restricted-access room. When personalized with a Door Master, 95, the door-lock receives an identity linked to the room which the lock protects, and an activity list to recognize all indexed tokens in the lock's community, e.g., a university or a hotel. An authorized token contains a provable certificate issued by issuing device, 20, enabling a certified token to operate door lock, 200, during the certified time frame, providing that said authorization has not been invalidated.

Typically, only off-line devices, e.g., door locks and peripherals that are not connected to the community network, are updated with Door Masters, 95, and Gate Masters, 90. In the event that a token is lost, stolen, faulty or compromised, or the token holder has lost authorization, typically the only door lock that need be updated with new activity listings would be the specific lock for which said token holder has received authorization.
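The off-line decision that door lock, 200, makes when a token is presented, together with the narrow update path just described (only the one affected lock receives a new listing), as an added example in Python; this is not code from the patent or from Fortress GB Ltd. The certificate format (an HMAC-SHA256 over a JSON body, keyed with an issuer key shared by the lock's community), the UNLOCK_SECONDS value, and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumed solenoid engagement interval: the text only says "a limited number of seconds".
UNLOCK_SECONDS = 5


def _mac(key: bytes, body: dict) -> str:
    """Assumed certificate format: HMAC-SHA256 over a canonical JSON encoding of the body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def issue_certificate(issuer_key: bytes, token_id: int, room_id: str,
                      valid_from: datetime, valid_until: datetime) -> dict:
    """Issuing station (20): a provable certificate binding one token to one room and one time frame."""
    body = {"token_id": token_id, "room_id": room_id,
            "valid_from": valid_from.isoformat(), "valid_until": valid_until.isoformat()}
    return {**body, "mac": _mac(issuer_key, body)}


class DoorLock:
    """Off-line lock controller: no network, only the activity list, the issuer key and its own clock."""

    def __init__(self, room_id: str, issuer_key: bytes, activity_list) -> None:
        self.room_id = room_id                    # identity linked to the room the lock protects
        self.issuer_key = issuer_key
        self.activity_list = set(activity_list)   # all indexed tokens in the lock's community
        self.revoked = set()                      # tokens whose authorization was invalidated
        self.audit = []                           # (time, token_id, reason) kept for the next Door Master visit

    def update_from_door_master(self, activity_list=None, revoked=()) -> None:
        """Door Master (95) visit: replace the activity list and/or add invalidated tokens."""
        if activity_list is not None:
            self.activity_list = set(activity_list)
        self.revoked.update(revoked)

    def present_token(self, cert: dict, now: datetime):
        """Return (seconds to engage the solenoid, reason); 0 seconds means the door stays locked.

        `now` is read from the lock's battery-backed real-time clock."""
        body = {k: v for k, v in cert.items() if k != "mac"}
        if not hmac.compare_digest(cert.get("mac", ""), _mac(self.issuer_key, body)):
            decision = (0, "certificate not provable")
        elif body.get("token_id") not in self.activity_list:
            decision = (0, "token not in lock's community")
        elif body["token_id"] in self.revoked:
            decision = (0, "authorization invalidated")
        elif body.get("room_id") != self.room_id:
            decision = (0, "certificate is for another room")
        elif not (datetime.fromisoformat(body["valid_from"]) <= now
                  < datetime.fromisoformat(body["valid_until"])):
            decision = (0, "outside certified time frame")
        else:
            decision = (UNLOCK_SECONDS, "unlock")
        self.audit.append((now.isoformat(), body.get("token_id"), decision[1]))
        return decision


if __name__ == "__main__":
    key = b"constructed-issuer-key"             # constructed sample key, not a real one
    utc = timezone.utc
    cert = issue_certificate(key, 1234, "R-101",
                             datetime(2024, 5, 1, 14, tzinfo=utc), datetime(2024, 5, 3, 11, tzinfo=utc))
    lock = DoorLock("R-101", key, activity_list=[1234, 1235])
    print(lock.present_token(cert, datetime(2024, 5, 2, 9, tzinfo=utc)))   # (5, 'unlock')
    lock.update_from_door_master(revoked=[1234])                           # token reported lost
    print(lock.present_token(cert, datetime(2024, 5, 2, 9, tzinfo=utc)))   # (0, 'authorization invalidated')
```

The order of checks matters for an off-line device: the MAC is verified before any field of the certificate is trusted, so a forged or altered certificate is refused without revealing which field was wrong, and every refusal is recorded locally so that the next Door Master visit can carry the attempts back to the issuing station.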

FIGS. 16, 17 and 18 demonstrate three separate proprietary poster-driven schemes, from posters, 210, 211 and 212, operative to add value to operators, attendees and members of closed groups.

These schematic depictions of preferred embodiments of a wireless sub-system are operative to convey authenticated information (suggested on posters, 210, 211 and 212 in FIGS. 16, 17 and 18) from said posters, with attached semiconductor devices, 400, and an authentication substance, typically a hidden Magicon, 430, of FIG. 6, imprinted on or in said semiconductor device, and thereby to enable useful applications. In a preferred embodiment, the unique authorized semiconductor device, with its unique Magicon, when authenticated by circuitry in the mobile phone with Intellifier and NMR authenticator, can provably assure a download of virus-free applications and relevant data from said posters to a user's mobile phone.

Users read the content of the poster, and decide if they want to participate in the application described on the poster. If a user chooses to participate, typically the user activates the mobile phone for the valued application by placing the user's token in the near field of the mobile phone Intellifier, while energizing the Intellifier by depressing switch button, 515. The user downloads the application, similarly, by placing mobile phone, 80, in the near field of antenna, 620, and similarly depresses switch button, 515.

Poster 210 suggests an application whereby a user engages in remote betting from his seat in the arena and learns the odds which are relevant at the time. Typically, the betting service is operative to enable the user to engage in intelligent wagers, and not only within the arena.

Typically the application of poster, 210, is operative to download an event program and a gambling application to safely assure regular and last-minute betting at horse races or sports events.

FIG. 17 typifies an embodiment tailored to betting at a series of boxing matches. This application is operative to safely assure regular and last-minute betting and/or between-bouts betting at boxing matches, with a running account of sporting events on the mobile phone, 80.

FIG. 18 is a schematic of a preferred embodiment of a wireless system, operative to convey authenticated information from a university poster with an attached semiconductor device. In this preferred embodiment, students can easily download grades, purchase tickets to events, learn of changes in classroom schedules, download classroom material, download legal music, and such internet and other data to their personal computers, and, as depicted on the poster, download an application for a personal scheduling program to get a student to the right class, at the right classroom, on time, and to turn off the mobile phone ringer during class time. Similar, un-depicted preferred embodiments for music concerts, wherein a program will be downloaded and the mobile phone ringer turned off during the concert, are feasible. A preferred embodiment for operatic performances typically includes the concurrent libretto in the vernacular and/or the language of the opera.

1-47. (canceled)
48. An off-line/on-line security system for an enclosed area housing a mass attended event, the system comprising: a plurality of gate controllers; a central controller for securely providing said gate controllers with status lists enabling said gate controllers to provide accelerated off-line monitored entrance of crowds into the enclosed area; and an on-line statistics provider operative to provide the central controller with on-line crowd statistics to assure safe punctual inauguration of the mass attended event.
49. A system according to claim 48 and also comprising tokens, held by persons attending the event and each comprising a token ID, wherein each said gate controller comprises a token reader operative to read the token IDs.
50. A system according to claim 49 wherein at least one token bears a time-stamp comprising a provably-authentic digital declaration of the instant that the token holder negotiated his attendance to the mass-attended event.
51. A system according to claim 49 wherein at least one status list comprises an attribute of whether a token holder is “expected” or “not or no longer expected” to attend the mass-attended event.
52. A system according to claim 51 and wherein said central controller comprises a buy-back functionality in which an “expected” token holder in the status list reverts to being “not or no longer expected”.
53. A system according to claim 48 wherein at least one of said gate controllers comprises a cryptographically operated reader of an attendee's status.
54. A system according to claim 48 wherein said plurality of gate controllers normally function off-line and are operative to revert to on-line mode, vis-a-vis said central controller, in some instances.
55. A system according to claim 48, further comprising a steward PDA including a module to read tokens borne by attendees, operative to download at least one list from said central controller and, accordingly, to assist an attendee to find his seating arrangement.
56. A system according to claim 48 wherein said central controller is in intermittent on-line communication with the plurality of gate controllers via a network.
57. A system according to claim 56 and wherein, when the network is operative, the central controller is operative to assemble estimations of percentages of attendees who are already seated.
58. A system according to claim 48 wherein said plurality of gate controllers are disposed at entrance points to an enclosed area selected from the group consisting of: a stadium, an arena, a theater, an amphitheater, a performance hall, a transportation terminal, a financial institution, a service, a clinic, a country club, a night club, a private club, a station, a port, a convention center, a forum, a government installation, a payment scheme, a betting installation, a secured computation complex, a sports facility, a recreational complex, an educational institution, a membership club, a theme park, a hotel, a medical center, a medical installation, a residential complex, a parking facility, a casino, a workplace, a military installation, and a transporter.
59. A system according to claim 48, wherein at least one of said plurality of gate controllers has a changeable mode selected from the group consisting of: off-line and on-line; wherein said at least one gate controller is further operative to provide access control functions in said off-line mode; and wherein said at least one gate controller is further operative to download and upload data in said on-line mode.
60. A system according to claim 49 wherein each said gate controller also comprises: an operator-issued authenticator communicative with said token reader, said authenticator operative to output an authorization, said authenticator comprising: (i) apparatus operative to establish authenticity of the token ID; and (ii) a list file of acceptable token ID's, said list file having a cut-off time and comprising a stored version of said status lists; and a passage controller operative to allow the person holding the token access to a predetermined area of the venue upon receipt of said authorization, wherein said authenticator outputs said authorization upon detecting entitlement of the token ID in said list of acceptable token ID's.
61. An off-line/on-line method for controlling access to an enclosed area housing a mass attended event, the method comprising: providing a plurality of gate controllers; centrally and securely providing said gate controllers with status lists enabling said gate controllers to provide accelerated off-line monitored entrance of crowds into the enclosed area; and providing on-line crowd statistics to assure safe punctual inauguration of the mass attended event.
62. A computerized networked control system serving visitors to an enclosed area housing mass attended events, wherein the visitors possess wireless handheld ID communicators, the system comprising: (a) a poster; and (b) a wireless device associated with the poster and operative to communicate with the wireless handheld communicators, including transmitting data thereto and receiving data therefrom, wherein the poster includes visual indicia guiding a visitor to perform a procedure for establishing data transfer between said poster-associated wireless device and his wireless handheld communicator, and wherein said data comprises a program for managing and directing the visitors' activities at the venue.
63. A system as in claim 62 wherein said program assures that the visitor's handheld communicator does not emit sound during those intervals wherein silence is mandated at the venue.
64. A system as in claim 62, wherein said program provides a broadcasted display of a review of the event on the visitor's handheld communicator.
65. A system as in claim 62, wherein the program provides a display of words enunciated in the course of a performance taking place at the venue, in a vernacular understandable to the visitor and on his handheld communicator.
66. A system as in claim 62, wherein the program enables the visitor to be positively identified, to place bets and to learn the results of sport events.
67. A system as in claim 62, wherein the program reminds the visitor to arrive promptly at at least one scheduled event.
68. A computerized networked control method serving visitors to an enclosed area housing mass attended events, wherein the visitors possess wireless handheld ID communicators, the method comprising: (a) displaying a poster in association with the venue; (b) associating a wireless device with the poster, said device being operative to communicate with the wireless handheld communicators, including transmitting data thereto and receiving data therefrom; and (c) interfacing with the visitor in accordance with a predetermined procedure for establishing transfer of data between said poster-associated wireless device and at least one visitor's wireless handheld communicator, and wherein said data comprises a program for managing and directing the visitors' activities at the venue, wherein the poster includes visual indicia guiding a visitor to perform the predetermined procedure.
69. In a venue attended by a user holding a wireless handheld communicator, a data system for communicating information and data capabilities to the person, the system comprising: (a) a poster having an attached wireless token operative to communicate with the wireless handheld communicator, including transmitting data thereto and receiving data therefrom; and (b) visual indicia printed on said poster, said visual indicia operative to guide the user to perform a procedure for establishing data transfer between said attached wireless token and the wireless handheld communicator.
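The status-list handling of claims 48 through 61 (a list file with a cut-off time, the “expected” versus “not or no longer expected” attribute, buy-back, off-line admission at the gate with later upload in on-line mode, and the central estimate of the percentage already seated), as an added Python example; it is not code from the patent or its assignee. The HMAC-SHA256-signed JSON list format, the anti-passback rule that refuses a second entry of the same token at the same gate, and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

EXPECTED = "expected"
NOT_EXPECTED = "not or no longer expected"


def _mac(key: bytes, body: dict) -> str:
    """Assumed list-file format: HMAC-SHA256 over a canonical JSON encoding of the body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class CentralController:
    """Keeps the confidential attendee status and issues signed status lists to the gates."""

    def __init__(self, list_key: bytes) -> None:
        self.list_key = list_key
        self.status = {}                 # token_id -> EXPECTED / NOT_EXPECTED

    def register(self, token_id: int) -> None:
        self.status[token_id] = EXPECTED

    def buy_back(self, token_id: int) -> bool:
        """Buy-back: an 'expected' holder reverts to 'not or no longer expected'."""
        if self.status.get(token_id) != EXPECTED:
            return False
        self.status[token_id] = NOT_EXPECTED
        return True

    def issue_status_list(self, cutoff: datetime) -> dict:
        """Status list with a cut-off time after which a gate must not rely on it off-line."""
        body = {"cutoff": cutoff.isoformat(),
                "status": {str(t): s for t, s in self.status.items()}}
        return {**body, "mac": _mac(self.list_key, body)}


class GateController:
    """Normally off-line: admits against the stored list, uploads its entries when on-line."""

    def __init__(self, gate_id: str, list_key: bytes) -> None:
        self.gate_id = gate_id
        self.list_key = list_key
        self.status_list = None
        self.cutoff = None
        self.admitted = []               # (token_id, iso time) kept for upload in on-line mode

    def load_status_list(self, signed_list: dict) -> bool:
        """Accept a list only if its MAC verifies; otherwise keep the previous list."""
        body = {k: v for k, v in signed_list.items() if k != "mac"}
        if not hmac.compare_digest(signed_list.get("mac", ""), _mac(self.list_key, body)):
            return False
        self.status_list = body["status"]
        self.cutoff = datetime.fromisoformat(body["cutoff"])
        return True

    def admit(self, token_id: int, now: datetime):
        """Off-line admission decision: (admitted, reason). `now` is the gate's own clock."""
        if self.status_list is None:
            return False, "no status list loaded"
        if now >= self.cutoff:
            return False, "status list past cut-off"
        status = self.status_list.get(str(token_id))
        if status is None:
            return False, "unknown token"
        if status != EXPECTED:
            return False, status
        if any(t == token_id for t, _ in self.admitted):
            return False, "already admitted"   # assumed anti-passback rule, not stated in the claims
        self.admitted.append((token_id, now.isoformat()))
        return True, "admitted"


def seated_percentage(central: CentralController, gates) -> float:
    """On-line estimate (claim 57): share of still-expected holders who have passed some gate."""
    expected = {t for t, s in central.status.items() if s == EXPECTED}
    if not expected:
        return 0.0
    seated = {t for g in gates for t, _ in g.admitted} & expected
    return 100.0 * len(seated) / len(expected)


if __name__ == "__main__":
    key = b"constructed-list-key"       # constructed sample key shared by central and gates
    utc = timezone.utc
    central = CentralController(key)
    for t in (1001, 1002, 1003):
        central.register(t)
    central.buy_back(1003)
    gate = GateController("north-1", key)
    gate.load_status_list(central.issue_status_list(datetime(2024, 5, 4, 15, tzinfo=utc)))
    print(gate.admit(1001, datetime(2024, 5, 4, 14, tzinfo=utc)))   # (True, 'admitted')
    print(gate.admit(1003, datetime(2024, 5, 4, 14, tzinfo=utc)))   # (False, 'not or no longer expected')
    print(seated_percentage(central, [gate]))                        # 50.0
```

Two points a practitioner would check: a gate that cannot verify the list's MAC keeps the list it already has rather than running on whatever it was handed, and the cut-off time forces a gate that has gone too long without a refresh back into on-line mode instead of silently admitting against a stale list.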